Lines Matching full:measure
22 action: measure | dont_measure | appraise | dont_appraise |
68 when action is "measure" and func is KEY_CHECK.
70 (eg, ima-ng). Only valid when action is "measure".
74 For example, "selinux" to measure critical data for SELinux.
114 measure func=BPRM_CHECK
115 measure func=FILE_MMAP mask=MAY_EXEC
116 measure func=FILE_CHECK mask=MAY_READ uid=0
117 measure func=MODULE_CHECK
118 measure func=FIRMWARE_CHECK
134 measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
135 measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
139 measure subj_user=_ func=FILE_CHECK mask=MAY_READ
141 Example of measure rules using alternate PCRs::
143 measure func=KEXEC_KERNEL_CHECK pcr=4
144 measure func=KEXEC_INITRAMFS_CHECK pcr=5
150 Example of measure rule using KEY_CHECK to measure all keys:
152 measure func=KEY_CHECK
154 Example of measure rule using KEY_CHECK to only measure
157 measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
165 Example of a 'measure' rule requiring fs-verity's digests
168 measure func=FILE_CHECK digest_type=verity \
171 Example of 'measure' and 'appraise' rules requiring fs-verity
174 The 'measure' rule specifies the 'ima-sigv3' template option,
178 measure func=BPRM_CHECK digest_type=verity \